diff --git a/.circleci/config.yml b/.circleci/config.yml
index e9cc6fd26ad..4e7cfd2522d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -208,17 +208,19 @@ jobs:
 - checkout
 - setup_remote_docker
 - run:
- name: Build and publish slim-dev
+ name: Build and publish no-driver-dev
 command: |
 FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
- docker build --build-arg VERSION_BUCKET=deb-dev --build-arg FALCO_VERSION=${FALCO_VERSION} -t falcosecurity/falco:master-slim docker/slim
+ docker build --build-arg VERSION_BUCKET=bin-dev --build-arg FALCO_VERSION=${FALCO_VERSION} -t falcosecurity/falco-no-driver:master docker/no-driver
+ docker tag falcosecurity/falco-no-driver:master falcosecurity/falco:master-slim
 echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
+ docker push falcosecurity/falco-no-driver:master
 docker push falcosecurity/falco:master-slim
 - run:
 name: Build and publish dev
 command: |
 FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
- docker build --build-arg VERSION_BUCKET=deb-dev --build-arg FALCO_VERSION=${FALCO_VERSION} -t falcosecurity/falco:master docker/stable
+ docker build --build-arg VERSION_BUCKET=deb-dev --build-arg FALCO_VERSION=${FALCO_VERSION} -t falcosecurity/falco:master docker/falco
 echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
 docker push falcosecurity/falco:master
 - run:
@@ -266,11 +268,15 @@ jobs:
 - checkout
 - setup_remote_docker
 - run:
- name: Build and publish slim
+ name: Build and publish no-driver
 command: |
- docker build --build-arg VERSION_BUCKET=deb --build-arg FALCO_VERSION=${CIRCLE_TAG} -t "falcosecurity/falco:${CIRCLE_TAG}-slim" docker/slim
- docker tag "falcosecurity/falco:${CIRCLE_TAG}-slim" falcosecurity/falco:latest-slim
+ docker build --build-arg VERSION_BUCKET=bin --build-arg FALCO_VERSION=${CIRCLE_TAG} -t "falcosecurity/falco-no-driver:${CIRCLE_TAG}" docker/no-driver
+ docker tag "falcosecurity/falco-no-driver:${CIRCLE_TAG}" falcosecurity/falco-no-driver:latest
+ docker tag "falcosecurity/falco:${CIRCLE_TAG}" "falcosecurity/falco:${CIRCLE_TAG}-slim"
+ docker tag "falcosecurity/falco:${CIRCLE_TAG}" "falcosecurity/falco:latest-slim"
 echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
+ docker push "falcosecurity/falco-no-driver:${CIRCLE_TAG}"
+ docker push "falcosecurity/falco-no-driver:latest"
 docker push "falcosecurity/falco:${CIRCLE_TAG}-slim"
 docker push "falcosecurity/falco:latest-slim"
 - run:
diff --git a/docker/README.md b/docker/README.md
index 6becb048f8a..c700becae1b 100644
--- a/docker/README.md
+++ b/docker/README.md
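Review bot: The two added `-slim` tag lines take `falcosecurity/falco:${CIRCLE_TAG}` as their source, but this step only builds `falcosecurity/falco-no-driver:${CIRCLE_TAG}`, and no build of `falcosecurity/falco:${CIRCLE_TAG}` is visible before them in the hunk. If that image is absent on the remote Docker host, `docker tag` fails and the release job stops; if it is present, the full image is published under the `-slim` names. The master job in the previous hunk tags `master-slim` from `falcosecurity/falco-no-driver:master`, so the release job should presumably do the same: `docker tag "falcosecurity/falco-no-driver:${CIRCLE_TAG}" "falcosecurity/falco:${CIRCLE_TAG}-slim"` and `docker tag "falcosecurity/falco-no-driver:${CIRCLE_TAG}" "falcosecurity/falco:latest-slim"`. The job's remaining steps lie outside the hunk.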
@@ -6,9 +6,9 @@ This directory contains various ways to package Falco as a container and related
 | Name | Directory | Description |
 |---|---|---|
-| [falcosecurity/falco:latest](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:master](https://hub.docker.com/repository/docker/falcosecurity/falco) | docker/stable | Falco (DEB built from git tag or from the master) with all the building toolchain. |
-| [falcosecurity/falco:latest-slim](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:_tag_-slim](https://hub.docker.com/repository/docker/falcosecurity/falco),[falcosecurity/falco:master-slim](https://hub.docker.com/repository/docker/falcosecurity/falco) | docker/slim | Falco (DEB build from git tag or from the master) without the building toolchain. |
+| [falcosecurity/falco:latest](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:master](https://hub.docker.com/repository/docker/falcosecurity/falco) | docker/falco | Falco (DEB built from git tag or from the master) with all the building toolchain. |
 | [falcosecurity/falco-driver-loader:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader), [falcosecurity/falco-driver-loader:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader), [falcosecurity/falco-driver-loader:master](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader) | docker/driver-loader | `falco-driver-loader` as entrypoint with the building toolchain.
|
+| [falcosecurity/falco-no-driver:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-no-driver), [falcosecurity/falco-no-driver:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco-no-driver),[falcosecurity/falco-no-driver:master](https://hub.docker.com/repository/docker/falcosecurity/falco-no-driver) | docker/no-driver | Falco (TGZ built from git tag or from the master) without the building toolchain. |
 | [falcosecurity/falco-builder:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-builder) | docker/builder | The complete build tool chain for compiling Falco from source. See [the documentation](https://falco.org/docs/source/) for more details on building from source. Used to build Falco (CI). |
 | [falcosecurity/falco-tester:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-tester) | docker/tester | Container image for running the Falco test suite. Used to run Falco integration tests (CI). |
 | _to not be published_ | docker/local | Built on-the-fly and used by falco-tester. |
diff --git a/docker/stable/Dockerfile b/docker/falco/Dockerfile
similarity index 100%
rename from docker/stable/Dockerfile
rename to docker/falco/Dockerfile
diff --git a/docker/stable/docker-entrypoint.sh b/docker/falco/docker-entrypoint.sh
similarity index 100%
rename from docker/stable/docker-entrypoint.sh
rename to docker/falco/docker-entrypoint.sh
diff --git a/docker/no-driver/Dockerfile b/docker/no-driver/Dockerfile
new file mode 100644
index 00000000000..1e56d92177f
--- /dev/null
+++ b/docker/no-driver/Dockerfile
@@ -0,0 +1,61 @@
+FROM ubuntu:18.04 as ubuntu
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG FALCO_VERSION
+ARG VERSION_BUCKET=bin
+
+ENV FALCO_VERSION=${FALCO_VERSION}
+ENV VERSION_BUCKET=${VERSION_BUCKET}
+
+WORKDIR /
+
+ADD https://bintray.com/api/ui/download/falcosecurity/${VERSION_BUCKET}/x86_64/falco-${FALCO_VERSION}-x86_64.tar.gz /
+
+RUN apt-get update -y && \
+ apt-get install -y libyaml-0-2 binutils && \
+ tar -xvf falco-${FALCO_VERSION}-x86_64.tar.gz && \
+ rm -f falco-${FALCO_VERSION}-x86_64.tar.gz && \
+ mv falco-${FALCO_VERSION}-x86_64 falco && \
+ strip falco/usr/bin/falco && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+FROM scratch
+
+COPY --from=ubuntu /lib/x86_64-linux-gnu/libanl.so.1 \
+ /lib/x86_64-linux-gnu/libc.so.6 \
+ /lib/x86_64-linux-gnu/libdl.so.2 \
+ /lib/x86_64-linux-gnu/libgcc_s.so.1 \
+ /lib/x86_64-linux-gnu/libm.so.6 \
+ /lib/x86_64-linux-gnu/libnsl.so.1 \
+ /lib/x86_64-linux-gnu/libnss_compat.so.2 \
+ /lib/x86_64-linux-gnu/libnss_files.so.2 \
+ /lib/x86_64-linux-gnu/libnss_nis.so.2 \
+ /lib/x86_64-linux-gnu/libpthread.so.0 \
+ /lib/x86_64-linux-gnu/librt.so.1 \
+ /lib/x86_64-linux-gnu/libz.so.1 \
+ /lib/x86_64-linux-gnu/
+
+COPY --from=ubuntu /usr/lib/x86_64-linux-gnu/libstdc++.so.6 \
+ /usr/lib/x86_64-linux-gnu/libstdc++.so.6
+
+COPY --from=ubuntu /usr/lib/x86_64-linux-gnu/libyaml-0.so.2.0.5 \
+ /usr/lib/x86_64-linux-gnu/libyaml-0.so.2
+
+COPY --from=ubuntu /etc/ld.so.cache \
+ /etc/nsswitch.conf \
+ /etc/ld.so.cache \
+ /etc/passwd \
+ /etc/group \
+ /etc/
+
+COPY --from=ubuntu /etc/default/nss /etc/default/nss
+COPY --from=ubuntu /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+
+COPY --from=ubuntu /falco /
+
+RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/falco/falco.yaml > /etc/falco/falco.yaml.new \
+ && mv /etc/falco/falco.yaml.new /etc/falco/falco.yaml
+
+CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]
\ No newline at end of file
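Review bot: The `ADD` of the bintray tarball in the first stage fetches the Falco release with no integrity check, whereas the removed docker/slim image installed Falco through apt after importing a repository key with `apt-key add`; a tampered or substituted download would be unpacked and copied straight into the published image. Verify a digest before `tar -xvf`, for example with a build argument (the name `FALCO_SHA256` is a suggestion, not something in the repo) checked by `echo "${FALCO_SHA256}  falco-${FALCO_VERSION}-x86_64.tar.gz" | sha256sum -c - && \`. Separately, the shell-form `RUN sed … && mv …` sits in the `FROM scratch` stage, where no `/bin/sh`, `sed` or `mv` has been copied in, so that step cannot run as written; the edit belongs in the `ubuntu` stage after the `mv`, presumably as `sed -i 's/time_format_iso_8601: false/time_format_iso_8601: true/' falco/etc/falco/falco.yaml && \`. `/etc/ld.so.cache` is also listed twice in the same `COPY`.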
diff --git a/docker/slim/Dockerfile b/docker/slim/Dockerfile
deleted file mode 100644
index 538d7ae3bfc..00000000000
--- a/docker/slim/Dockerfile
+++ /dev/null
@@ -1,48 +0,0 @@
-FROM ubuntu:18.04
-
-LABEL maintainer="cncf-falco-dev@lists.cncf.io"
-
-LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name "
-
-ARG FALCO_VERSION=latest
-ARG VERSION_BUCKET=deb
-
-ENV FALCO_VERSION=${FALCO_VERSION}
-ENV VERSION_BUCKET=${VERSION_BUCKET}
-
-ENV HOST_ROOT /host
-ENV HOME /root
-
-RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
- # bash-completion \
- # bc \
- ca-certificates \
- curl \
- gnupg2 \
- jq \
- # netcat \
- # xz-utils \
- && rm -rf /var/lib/apt/lists/*
-
-RUN curl -s https://falco.org/repo/falcosecurity-3672BA8F.asc | apt-key add - \
- && echo "deb https://dl.bintray.com/falcosecurity/${VERSION_BUCKET} stable main" | tee -a /etc/apt/sources.list.d/falcosecurity.list \
- && apt-get update -y \
- && if [ "$FALCO_VERSION" = "latest" ]; then apt-get install -y --no-install-recommends falco; else apt-get install -y --no-install-recommends falco=${FALCO_VERSION}; fi \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Change the falco config within the container to enable ISO 8601
-# output.
-RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/falco/falco.yaml > /etc/falco/falco.yaml.new \
- && mv /etc/falco/falco.yaml.new /etc/falco/falco.yaml
-
-# Some base images have an empty /lib/modules by default
-# If it's not empty, docker build will fail instead of
-# silently overwriting the existing directory
-RUN rm -df /lib/modules \
- && ln -s $HOST_ROOT/lib/modules /lib/modules
-
-CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]